3.6. Configuring VRRP with CLI

This section provides information to configure VRRP using the command line interface.

3.7. VRRP Configuration Overview

Configuring VRRP policies and configuring VRRP instances on interfaces and router interfaces is optional. The basic owner and non-owner VRRP configurations on an IES or router interface must specify the backup ip-address parameter.

VRRP helps eliminate the single point of failure in a routed environment by using virtual router IP address shared between two or more routers connecting the common domain. VRRP provides dynamic fail over of the forwarding responsibility if the master becomes unavailable.

The VRRP implementation allows one master per IP subnet. All other VRRP instances in the same domain must be in backup mode.

3.7.1. Preconfiguration Requirements

VRRP policies:

  1. VRRP policies must be configured before they can be applied to an interface or IES VRRP instance. VRRP policies are configured in the config>vrrp context.

Configuring VRRP on an IES service interface:

  1. The service customer account must be created before configuring an IES VRRP instance.
  2. The interface address must be specified in the both the owner and non-owner IES or router interface instances.

3.8. Basic VRRP Configurations

This section contains information about basic VRRP configurations.

3.8.1. VRRP Policy

Configuring and applying VRRP policies are optional. There are no default VRRP policies. Each policy must be explicitly defined. A VRRP configuration must include the following:

  1. Policy ID
  2. Define at least one of the following priority events:
    1. Port down
    2. LAG port down
    3. Host unreachable
    4. Route unknown

The following is a sample VRRP policy configuration output.

A:SR2>config>vrrp>policy# info
----------------------------------------------
            delta-in-use-limit 50
            priority-event
                port-down /1/2
                    hold-set 43200
                    priority 100 delta
                exit
                port-down /1/3
                    priority 200 explicit
                exit
                lag-port-down 1
                    number-down 3
                        priority 50 explicit
                    exit
                exit
                host-unreachable 10.10.24.4
                    drop-count 25
                exit
                route-unknown 10.10.0.0/32
priority 50 delta
 
                exit
            exit
----------------------------------------------

3.8.2. VRRP IES Service Parameters

VRRP parameters are configured within an IES service with two contexts, owner or non-owner. The status is specified when the VRRP configuration is created. When configured as owner, the virtual router instance owns the backup IP addresses. All other virtual router instances participating in this message domain must have the same VRID configured and cannot be configured as owner.

For IPv4, up to 4 virtual routers IDs (vrid) can be configured on an IES service interface.

VRRP parameters configured within an IES service must include the following:

  1. VRID
  2. Backup IP addresses

The following is a sample IES service owner and non-owner VRRP configuration output.

A:SR2>config>service>ies# info
----------------------------------------------
            interface "tuesday" create
                address 10.10.36.2/24
                sap 7/1/1.2.2 create
                vrrp 19 owner
                    backup 10.10.36.2
                    authentication-type password
                    authentication-key "testabc"
                exit
            exit
            interface "testing" create
                address 10.10.10.16/24
                sap 1/1/55:0 create
                vrrp 12
                    backup 10.10.10.15 
                    policy 1
                    authentication-type password
                    authentication-key "testabc"
                exit
            exit
            no shutdown
----------------------------------------------
A:SR2>config>service>ies#

3.8.3. VRRP Router Interface Parameters

VRRP parameters are configured on a router interface with two contexts, owner or non-owner. The status is specified when the VRRP configuration is created. When configured as owner, the virtual router instance owns the backed up IP addresses. All other virtual router instances participating in this message domain must have the same VRID configured and cannot be configured as owner.

For IPv4, up to 4 virtual routers IDs (VRIDs) can be configured on a router interface. For IPv6, only one virtual router instance can be configured on a router interface.

VRRP parameters configured on a router interface must include the following:

  1. VRID
  2. Backup IP addresses

The following is a sample router interface owner and non-owner VRRP configuration output.

A:SR4>config>router# info
#------------------------------------------
echo "IP Configuration "
#------------------------------------------
        interface "system"
            address 10.10.0.4/32
        exit
        interface "test1"
            address 10.10.14.1/24
            
 
 
        exit
        interface "test2"
            address 10.10.10.23/24
            vrrp 1 owner
                backup 10.10.10.23
              
                authentication-key "testabc"
            exit
        exit
#------------------------------------------
A:SR4>config>router#

3.9. Common Configuration Tasks

This section provides a brief overview of the tasks that must be performed to configure VRRP and provides the CLI commands.

VRRP parameters are defined under a service interface or a router interface context. An IP address must be assigned to each IP interface. Only one primary IP address can be associated with an IP interface, but several secondary IP addresses can also be associated.

Owner and non-owner configurations must include the following parameters:

  1. All participating routers in a VRRP instance must be configured with the same VRID.
  2. The owner configuration must include at least one backup IP address.
  3. For IPv6, all participating routers must be configured with the same link-local backup address (the address configured for the owner instance).

Other owner and non-owner configurations include the following optional commands:

  1. authentication-key
  2. message-interval

In addition to the common parameters, the following non-owner commands can be configured:

  1. master-int-inherit
  2. priority
  3. policy
  4. ping-reply
  5. preempt
  6. telnet-reply
  7. ssh-reply (IPv4 only)
  8. [no] shutdown

3.9.1. Creating Interface Parameters

If you have multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet.

The following is a sample IP interface configuration output.

A:SR1>config>router# info
#------------------------------------------
echo "IP Configuration "
#------------------------------------------
        interface "system"
            address 10.10.0.1/32
        exit
        interface "testA"
            address 10.123.123.123/24
        exit
        interface "testB"
            address 10.10.14.1/24
            secondary 10.10.16.1/24
            secondary 10.10.17.1/24
            secondary 10.10.18.1/24
        exit
        router-id 10.10.0.1
#------------------------------------------
A:SR1>config>router#

3.10. Configuring VRRP Policy Components

The following is a sample VRRP policy configuration output.

A:SR1>config>vrrp# info
----------------------------------------------
        policy 1
            delta-in-use-limit 50
            priority-event
                port-down 1/1/2
                    hold-set 43200
                    priority 100 delta
                exit
                route-unknown 0.0.0.0/0
                    protocol isis
                exit
            exit
        exit
----------------------------------------------
A:SR1>config>vrrp#

3.10.1. Configuring Service VRRP Parameters

VRRP parameters can be configured on an interface in a service to provide virtual default router support which allows traffic to be routed without relying on a single router in case of failure.

3.10.1.1. Non-Owner VRRP Example

The following is a sample basic non-owner VRRP configuration output.

A:SR2>config>service>ies# info
----------------------------------------------
...
            interface "testing" create
                address 10.10.10.16/24
                sap 1/1/55:0 create
                vrrp 12
                    backup 10.10.10.15 
                    policy 1
               
                    authentication-key "testabc"
                exit
            exit
            no shutdown
----------------------------------------------
A:SR2>config>service>ies#

3.10.1.2. Owner Service VRRP Example

The following is a sample owner VRRP configuration output.

A:SR4>config>router# info
#------------------------------------------
echo "IP Configuration "
#------------------------------------------
...
        interface "test2"
            address 10.10.10.23/24
            vrrp 1 owner
                backup 10.10.10.23
  
                authentication-key "testabc"
            exit
        exit
#------------------------------------------
A:SR4>config>router#

3.10.2. Configuring Router Interface VRRP Parameters

VRRP parameters can be configured on an interface in an interface to provide virtual default router support which allows traffic to be routed without relying on a single router in case of failure.

3.10.2.1. Router Interface VRRP Non-Owner

The following is a sample non-owner interface VRRP configuration output.

A:SR2>config># info 
#------------------------------------------
interface "if-test"
            address 10.20.30.40/24
            secondary 10.10.50.1/24
            secondary 10.10.60.1/24
            secondary 10.10.70.1/24
            vrrp 1
                
 
 
                backup 10.20.30.41
                ping-reply
                telnet-reply
     
                authentication-key "testabc"
            exit
        exit
#------------------------------------------
A:SR2>config># 

3.10.2.2. Router Interface VRRP Owner

The following is a sample router interface owner VRRP configuration output.

A:SR2>config>router# info 
#------------------------------------------
interface "vrrpowner"
            address 10.10.10.23/24
            vrrp 1 owner
                backup 10.10.10.23
 
                authentication-key "testabc"
            exit
        exit
#------------------------------------------
A:SR2>config>router# 
 

3.11. VRRP Configuration Management Tasks

This section describes the VRRP configuration management tasks.

3.11.1. Modifying a VRRP Policy

To access a specific VRRP policy, you must specify the policy ID. To display a list of VRRP policies, use the show vrrp policy command.

The following is a sample modified VRRP policy configuration output.

A:SR2>config>vrrp>policy# info
----------------------------------------------
            delta-in-use-limit 50
            priority-event
                port-down 1/1/2
                    hold-set 43200
                    priority 100 delta
                exit
                port-down 1/1/3
                    priority 200 explicit
                exit
                host-unreachable 10.10.24.4
                    drop-count 25
                exit
            exit
----------------------------------------------
A:SR2>config>vrrp>policy#

3.11.2. Deleting a VRRP Policy

Policies are only applied to non-owner VRRP instances. A VRRP policy cannot be deleted if it is applied to an interface or to an IES service. Each instance in which the policy is applied must be deleted.

The Applied column in the following example displays whether or not the VRRP policies are applied to an entity.

A:SR2#
===============================================================================
VRRP Policies
===============================================================================
Policy    Current             Current      Current      Delta       Applied    
Id        Priority & Effect   Explicit     Delta Sum    Limit                  
-------------------------------------------------------------------------------
1  200 Explicit        200          100          50          Yes
15   254                 None         None         1           No
32   100                 None         None         1           No
===============================================================================
A:SR2#

3.11.3. Modifying Service and Interface VRRP Parameters

3.11.3.1. Modifying Non-Owner Parameters

When a VRRP instance is created as non-owner, it cannot be modified to the owner state. The VRID must be deleted and then recreated with the owner keyword to invoke IP address ownership.

3.11.3.2. Modifying Owner Parameters

When a VRRP instance is created as owner, it cannot be modified to the non-owner state. The VRID must be deleted and then recreated without the owner keyword to remove IP address ownership.

Entering the owner keyword is optional when entering the VRID for modification purposes.

3.11.3.3. Deleting VRRP on an Interface or Service

The VRID does not need to be shut down to remove the virtual router instance from an interface or service.

Example:
config>router#interface
config>router# interface if-test
config>router>if# shutdown
config>router>if# exit
config>router# no interface if-test
config>router#

The following shows the command usage to delete a VRRP instance from an interface or IES service.

Example:
config>service#ies 10
config>service>ies# interface “test”
config>service>ies>if# vrrp 1
config>service>ies>if>vrrp# shutdown
config>service>ies>if>vrrp# exit
config>service>ies>if# no vrrp 1
config>service>ies>if# exit all